<@davide:cavalca.name>
16:02:02
!startmeeting CentOS Hyperscale SIG
<@meetbot:fedora.im>
16:02:05
Meeting started at 2024-07-17 16:02:02 UTC
<@meetbot:fedora.im>
16:02:05
The Meeting name is 'CentOS Hyperscale SIG'
<@davide:cavalca.name>
16:02:38
morning everyone
<@conan_kudo:matrix.org>
16:02:42
Yo!
<@davide:cavalca.name>
16:02:44
!topic Roll call
<@conan_kudo:matrix.org>
16:02:49
!hi
<@zodbot:fedora.im>
16:02:51
Neal Gompa (ngompa) - he / him / his
<@daandemeyer/:matrix.org>
16:03:51
!hi
<@zodbot:fedora.im>
16:03:53
Daan De Meyer (daandemeyer)
<@davide:cavalca.name>
16:06:47
let's get started
<@davide:cavalca.name>
16:06:48
!topic Followups
<@davide:cavalca.name>
16:07:00
do we have any followups from the last meeting?
<@conan_kudo:matrix.org>
16:07:58
I don't think so?
<@conan_kudo:matrix.org>
16:08:05
we didn't have any action items or anything
<@conan_kudo:matrix.org>
16:08:45
the only thing from me is that the kernel is tricky because of openssl engine API being dropped in c10s
<@conan_kudo:matrix.org>
16:09:11
I have a solution I wound up using for fedora asahi and I'll probably pull that over to hyperscale kernel builds too
<@daandemeyer/:matrix.org>
16:09:47
Ah yes that's a thing
<@daandemeyer/:matrix.org>
16:09:52
I wonder why the systemd builds didn't blow up
<@daandemeyer/:matrix.org>
16:10:00
I guess we check the necessary defines
<@daandemeyer/:matrix.org>
16:10:31
Yup we do
<@conan_kudo:matrix.org>
16:10:34
it broke, of all things, the ability to sign kmods
<@conan_kudo:matrix.org>
16:10:55
since that's how we get access to secured cert backends and stuff
<@davide:cavalca.name>
16:12:14
alright, let's move to
<@davide:cavalca.name>
16:12:15
!topic Announcements
<@davide:cavalca.name>
16:12:35
flock is in a few weeks, and then devconfus
<@davide:cavalca.name>
16:12:43
should probably start planning talks and stuff
<@conan_kudo:matrix.org>
16:13:25
yes
<@conan_kudo:matrix.org>
16:13:43
we don't have a lot of time left, so we should definitely start working on those
<@conan_kudo:matrix.org>
16:15:59
I can probably start prepping our Hyperscale update talk, and then we should go through our list of talks and start working on those
<@davide:cavalca.name>
16:16:25
I'm off tomorrow and fri but can start taking a look next week
<@daandemeyer/:matrix.org>
16:16:34
We have c10s CI upstream now for the hyperscale spec
<@daandemeyer/:matrix.org>
16:16:48
It runs on stock centos 10, but builds using the hyperscale spec
<@conan_kudo:matrix.org>
16:17:40
awesome
<@daandemeyer/:matrix.org>
16:18:03
And also systemd-cd does c10s builds now, though I think nobody outside of Meta is using it
<@daandemeyer/:matrix.org>
16:20:04
And I guess what we just discussed in the matrix channel is also an announcement, we'll start shipping the Fedora selinux policy in hyperscale to get all the systemd fixes we need
<@davide:cavalca.name>
16:21:13
next up
<@davide:cavalca.name>
16:21:14
!topic Tickets
<@davide:cavalca.name>
16:21:52
I think the only pending one here is getting a kernel branched for c10s
<@conan_kudo:matrix.org>
16:23:37
yeah, and I'm working through that
<@conan_kudo:matrix.org>
16:23:44
my hope is that it will be part of me shipping the next rebase
<@conan_kudo:matrix.org>
16:24:06
I guess the only bit for me to think about is whether I want to do 6.9 still or 6.10
<@conan_kudo:matrix.org>
16:24:25
I'm leaning toward 6.10 because there's no fedora-6.10 branch yet and I generally like to have fedora stabilization first for hyperscale
<@conan_kudo:matrix.org>
16:24:38
err
<@conan_kudo:matrix.org>
16:24:47
I'm leaning toward 6.9 because there's no fedora-6.10 branch yet and I generally like to have fedora stabilization first for hyperscale
<@davide:cavalca.name>
16:25:48
sounds good to me
<@davide:cavalca.name>
16:26:01
!topic Membership
<@davide:cavalca.name>
16:26:15
nothing here this week I think
<@conan_kudo:matrix.org>
16:26:31
should we close the ticket about the pending membership request?
<@conan_kudo:matrix.org>
16:26:45
iirc, it's from intel, so maybe we need to poke Ali Erdinç Köroğlu about it again?
<@davide:cavalca.name>
16:27:10
yeah, if we don't hear back I'd say we can close it
<@davide:cavalca.name>
16:27:30
we should also think about announcing a membership roll cleanup like we discussed in the past
<@conan_kudo:matrix.org>
16:28:22
yeah
<@conan_kudo:matrix.org>
16:28:40
I like us being the biggest SIG, but a big ghost town is still a ghost town 😛
<@davide:cavalca.name>
16:29:00
yup
<@davide:cavalca.name>
16:29:20
alright, that leaves us with
<@davide:cavalca.name>
16:29:21
!topic Miscellaneous
<@davide:cavalca.name>
16:29:27
anything else folks want to discuss?
<@salimma:fedora.im>
16:29:30
!hi
<@zodbot:fedora.im>
16:29:31
Michel Lind (salimma) - he / him / his
<@salimma:fedora.im>
16:29:36
sorry, my errands ran super late
<@salimma:fedora.im>
16:30:07
speaking of kernel... if/when we get into linux-distros how do we plan to handle kernel CVEs?
<@conan_kudo:matrix.org>
16:30:38
whoo boy, I don't know
<@conan_kudo:matrix.org>
16:31:02
normally CVEs are fixed in upstream Linux with a patch landing and being released, I believe
<@salimma:fedora.im>
16:31:13
presumably we'll have to be more serious about it :). IIRC to get in normally they require security issues to be patched within 10 days
<@salimma:fedora.im>
16:31:32
so yeah since the kernel normally patches quite fast... good thing we plan to track the upstream / Fedora kernel and not the CentOS one huh
<@conan_kudo:matrix.org>
16:31:35
err, CVEs are announced with patches in line
<@salimma:fedora.im>
16:31:41
we'll just have to be ready to release more often, I guess
<@salimma:fedora.im>
16:31:49
right. but being close to the latest means patching should be easier
<@conan_kudo:matrix.org>
16:31:50
the kernel CNA rules indicate they don't make CVEs for unfixed vulnerabilities
<@conan_kudo:matrix.org>
16:32:05
which... I'm of mixed feelings about
<@salimma:fedora.im>
16:32:13
whereas if we're tracking an older CentOS kernel with all the frankenpatches... we might have to wait for them to backport
<@conan_kudo:matrix.org>
16:32:19
yeah
<@salimma:fedora.im>
16:32:30
true.. but not all CVEs might get announced via the kernel CNA right?
<@conan_kudo:matrix.org>
16:32:40
they have to
<@salimma:fedora.im>
16:32:46
or is that a requirement that once there is a CNA they have to process a potential CVE? ah ok
<@conan_kudo:matrix.org>
16:32:50
that's the reason the kernel is a CNA
<@conan_kudo:matrix.org>
16:32:57
nobody else can declare CVEs anymore on that thing
<@salimma:fedora.im>
16:33:15
that makes things easier for downstreams, but yeah I could also see how this can be abused
<@salimma:fedora.im>
16:33:33
then again the whole CVE process is so disappointing and I trust kernel devs more than rando security outfits out for glory :P
<@conan_kudo:matrix.org>
16:33:34
I think one consequence is that we will need to rebuild automation for building kernels... my stuff is all broken from the churn in ARK
<@salimma:fedora.im>
16:33:46
(mind you I don't put legit ones like Qualys in that bucket)
<@conan_kudo:matrix.org>
16:33:54
so it needs to be remade, probably this time not in really crappy bash
<@salimma:fedora.im>
16:34:02
yeah.. being downstream of things like ARK has that issue
<@conan_kudo:matrix.org>
16:34:21
thankfully the ARK stuff has stabilized in the past year
<@salimma:fedora.im>
16:34:43
if there's something really bad, we can just have a failsafe plan to temporarily rebuild the Fedora kernel, no?
<@conan_kudo:matrix.org>
16:34:49
yes
<@salimma:fedora.im>
16:34:49
or is there something there that does not work for us
<@conan_kudo:matrix.org>
16:35:11
really our delta is largely configs applied to make fedora stuff show up on centos
<@conan_kudo:matrix.org>
16:35:46
it's going to be slightly more substantial for a bit as you literally can't build the kernel on f41+ and c10s and I have to pull non-upstream fixes for that, but _generally_ it should be very minute
<@conan_kudo:matrix.org>
16:35:58
the most substantial backport I'm even considering is sched_ext
<@salimma:fedora.im>
16:36:17
speaking of oss-security, oh fun the Python infra access token got leaked
<@conan_kudo:matrix.org>
16:36:27
I'm very excited to try it out for improving workstation and gaming workloads
<@conan_kudo:matrix.org>
16:36:33
but it will have an impact on things
<@salimma:fedora.im>
16:37:02
we can just ... rebase to a kernel that has sched_ext right?
<@conan_kudo:matrix.org>
16:37:24
once it's merged and a 6.11 release is out, yes
<@conan_kudo:matrix.org>
16:37:29
I believe sched_ext is merging in 6.11
<@salimma:fedora.im>
16:37:36
yeah, I see it's still in -next
<@salimma:fedora.im>
16:37:53
so should be in less than 3 months
<@salimma:fedora.im>
16:38:13
we can probably rope in some Meta kernel people for advice if there's an issue backporting it
<@conan_kudo:matrix.org>
16:38:19
that would be great
<@salimma:fedora.im>
16:38:31
what's the issue on f41+ and c10s? more Rust changes?
<@conan_kudo:matrix.org>
16:38:38
openssl and rust
<@conan_kudo:matrix.org>
16:38:57
openssl I just fixed last week
<@conan_kudo:matrix.org>
16:39:07
I need to decide whether I'm going to care about rust yet or not
<@conan_kudo:matrix.org>
16:39:23
I keep poking at it every cycle because people keep asking me about turning it on in fedora and hyperscale kernels
<@conan_kudo:matrix.org>
16:39:52
I think the answer is going to be "no" for now
<@conan_kudo:matrix.org>
16:40:18
for openssl, I'm going to need to poke the author of the non-upstream patches to find out the timeline for upstreaming
<@salimma:fedora.im>
16:40:20
so Hyperscale Asahi is still a way out then
<@conan_kudo:matrix.org>
16:40:29
probably not too far out
<@salimma:fedora.im>
16:40:36
(or if we do that we can just ship it with a bastardized Fedora kernel)
<@conan_kudo:matrix.org>
16:40:45
yeah that's probably what's going to happen
<@salimma:fedora.im>
16:40:47
right... now that they stop chasing nightly features it might be more doable soon
<@conan_kudo:matrix.org>
16:40:54
and the asahi stuff will likely be all in copr
<@conan_kudo:matrix.org>
16:41:23
it doesn't make a lot of sense to do that in CBS given that we need builds for tons of things that aren't present in centos core at all
<@conan_kudo:matrix.org>
16:41:37
and it can't reasonably go into epel either
<@conan_kudo:matrix.org>
16:42:00
so we will likely maintain a sig copr with the necessary overlays
<@salimma:fedora.im>
16:42:10
makes sense
<@salimma:fedora.im>
16:42:21
there's already a hyperscale group in COPR, we can just have an Asahi project under it
<@conan_kudo:matrix.org>
16:42:25
yup
<@salimma:fedora.im>
16:42:29
though... can we call it asahi? I also don't mind calling it banana
<@conan_kudo:matrix.org>
16:42:35
we can call it asahi
<@conan_kudo:matrix.org>
16:43:09
unless marcan has a problem with it, we can do that
<@salimma:fedora.im>
16:43:16
Hyperscale Beer
<@conan_kudo:matrix.org>
16:43:21
🤣
<@salimma:fedora.im>
16:43:30
we're Free as in Beer
<@conan_kudo:matrix.org>
16:43:39
but since we're basically backporting Fedora Asahi to CentOS Hyperscale, I think it should be fine
<@conan_kudo:matrix.org>
16:43:58
we are probably going to have to deal with trademark stuff from the centos side though
<@salimma:fedora.im>
16:44:04
we'll give them a heads up anyway, obviously, so if there's an issue we'll know early
<@salimma:fedora.im>
16:44:08
oh right
<@salimma:fedora.im>
16:44:22
speaking of which who owns the Hyperscale trademark
<@conan_kudo:matrix.org>
16:44:26
I don't expect that to be an issue, but it is something we will need to deal with
<@salimma:fedora.im>
16:44:30
or is that specifically "CentOS Hyperscale"
<@conan_kudo:matrix.org>
16:44:35
"CentOS Hyperscale"
<@conan_kudo:matrix.org>
16:44:48
and I believe it's a common law mark associated with the registered mark for CentOS
<@salimma:fedora.im>
16:47:16
makes sense. Hyperscale itself won't be trademarkable
<@salimma:fedora.im>
16:47:32
so we're reliant on the CentOS project for branding anyway. can probably ask the promo folks on Thursday
<@conan_kudo:matrix.org>
16:47:37
yup
<@salimma:fedora.im>
16:47:39
or whenever we start working on this
<@conan_kudo:matrix.org>
16:48:07
it'll probably be a few months out
<@conan_kudo:matrix.org>
16:48:16
but that doesn't mean we can't start prepping now
<@conan_kudo:matrix.org>
16:48:39
it was not fun rushing through all that stuff for Fedora Asahi at the beginning of last year, so I'd like to not have to repeat that experience again
<@conan_kudo:matrix.org>
16:49:41
I'm also considering that we only offer KDE Plasma until we have Hyperscale GNOME built out for c10s
<@conan_kudo:matrix.org>
16:49:50
both for regular and asahi variants
<@salimma:fedora.im>
16:50:02
specifically for Asahi?
<@salimma:fedora.im>
16:50:10
oh regular too
<@conan_kudo:matrix.org>
16:50:20
there is no way I want to offer the gnome experience that RHEL 10 is going to ship, as it's devoid of almost everything you'd use
<@salimma:fedora.im>
16:50:27
if we think the experience is sub par (c10s will be the one with really barebone GNOME right?) I agree
<@conan_kudo:matrix.org>
16:50:47
yeah
<@salimma:fedora.im>
16:51:01
yeah... I think once EPEL10 is ready I'll stop work on the GNOME 9 prototype and just start building for 10
<@conan_kudo:matrix.org>
16:51:22
the 9 prototype work is at least useful for figuring out how to do it
<@salimma:fedora.im>
16:51:27
it's good enough exercise already to flush out weird issues, but the issues facing 10 will be different anyway, and we're early enough the rebuilding should be easier
<@salimma:fedora.im>
16:51:30
indeed
<@salimma:fedora.im>
16:51:45
we know we can. let's just focus on landing a working desktop on day 1
<@conan_kudo:matrix.org>
16:51:53
yup
<@conan_kudo:matrix.org>
16:52:15
so at least for my focus, working with Troy Dawson on KDE Plasma for EPEL 10 is important
<@salimma:fedora.im>
16:52:33
I would have prioritized it more if there's interest in deploying it at, say, corporate desktops (cough) but I have not really heard much about that, so we can assume there's not much life left in 9 to justify it now
<@conan_kudo:matrix.org>
16:53:07
and I'm thinking for 10 that we flagship on KDE for Hyperscale as part of aligning things around Asahi and Hyperscale
<@salimma:fedora.im>
16:53:18
so... fedora 41 beta will probably be a good time to start porting whatever GNOME components they have to hs.el10
<@conan_kudo:matrix.org>
16:53:29
probably yeah
<@salimma:fedora.im>
16:53:44
I don't mind that, yeah. purely from manpower effort alone KDE has more people working on it since it comes from EPEL
<@conan_kudo:matrix.org>
16:54:17
yeah, by no means do I want to drop gnome, it's just we're not getting much from rhel anymore and it will take time to build a community around hyperscale gnome
<@salimma:fedora.im>
16:54:27
and... we can expose this awkwardness where Fedora insists "KDE does not have enough people working on it to be an edition" whereas we can say "look, in CentOS land GNOME does not have enough people working on it - why is it the default" :P
<@salimma:fedora.im>
16:54:32
nods
<@conan_kudo:matrix.org>
16:54:58
I do think we'll be able to build a community around hyperscale gnome through the various CentOS derivatives that will want it
<@salimma:fedora.im>
16:54:58
That's part of the reason I wanted to do it, I think it's an opportunity to get people working on Hyperscale that actually dogfood it on desktops
<@salimma:fedora.im>
16:55:34
right. esp since hyperscale gnome targets cXs without pulling in the rest of the HS stuff
<@conan_kudo:matrix.org>
16:55:48
and I do want to engage with Fedora Workstation on allowing us to have RHEL conditionals in the fedora packaging
<@conan_kudo:matrix.org>
16:56:14
ultimately, I'd like for us to be "upstream-first" here about it
<@davide:cavalca.name>
16:56:59
we're almost out of time
<@davide:cavalca.name>
16:57:22
fwiw I haven't usually had issues here
<@davide:cavalca.name>
16:57:30
though it's up to the individual maintainers
<@conan_kudo:matrix.org>
16:57:31
I don't think we will have issues either
<@daandemeyer/:matrix.org>
16:57:32
This has been working out great in the systemd spec
<@conan_kudo:matrix.org>
16:57:50
sorry this turned into a bit of a braindump 😅
<@salimma:fedora.im>
16:57:54
the nice thing is with ELN, having RHEL conditionals should be more acceptable
<@conan_kudo:matrix.org>
16:58:00
yup
<@salimma:fedora.im>
16:58:01
eh this is the Misc / Open Floor topic anyway
<@daandemeyer/:matrix.org>
16:58:05
Yup it became acceptable after ELN
<@salimma:fedora.im>
16:58:22
so worse case we can just rebuild from the ELN branch for packages where the maintainer is being difficult
<@conan_kudo:matrix.org>
16:58:33
yup
<@salimma:fedora.im>
16:58:36
s/worse/worst
<@pboy:fedora.im>
16:59:07
Guys, please remember, in 2 minutes server meeting starts here.
<@salimma:fedora.im>
16:59:28
let's wrap up
<@davide:cavalca.name>
16:59:33
yup, I was just about to close this
<@pboy:fedora.im>
16:59:46
OK, thanks!
<@davide:cavalca.name>
16:59:46
thanks everyone!
<@davide:cavalca.name>
16:59:53
!endmeeting